CISCO-5795 (032590-000179) 

Amendments to the Claims; 

This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Currently Amended) A method for single-step subscriber logon to a differentiated data 
communications network including a first domain and a second domain, said method 
comprising: 

communicating^ via by a network interface^ wkh between the network interface and a host, 
wherein said communicating comprises a transport of multi-protocol data packets over a 
point-to-point communication link between the host and the network interface; 

identifying a source address for the host; and 

authorizing the host to access said first domain and said second domain based upon login 
information obtained firom the host. 

2. (Previously Presented) The method of claim 1 further comprising: 
authenticating said subscriber based upon login information obtained fi-om the host. 

3. (Previously Presented) The method of claim 2 wherein said authenticating is accomplished 
using Link Control Protocol (LCP). 

4. (Previously Presented) The method of claim 1 wherein said identifying is accomplished 
using Internet Protocol Control Protocol (IPCP). 

5. (Previously Presented) The method of claim 1 wherein said identifying further comprises: 
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assigning an Internet Protocol address to the host from a pool of addresses located in a 

memory. 

6. (Previously Presented) The method of claim 1 wherein said identifying further comprises: 
assigning an Internet Protocol address to the host from an authentication reply packet 

received from an authentication server. 

7. (Previously Presented) The method of claim 1 wherein said communicating is accomplished 
using Point-to-Point Protocol (PPP). 

8. (Previously Presented) The method of claim 1 wherein said authorizing further comprises: 
writing said login information into a memory. 

9. (Currently Amended) A method for single-step subscriber logon to a differentiated data 
communications network including a first domain and a second domain, said method 
comprising: 

authenticating in a network interface a host based upon login information obtained from the 

host- 
communicating^ via by the network interface^ ¥»4th between the network interface and the 
host, wherein said communicating comprises a transport of multi-protocol data packets 
over a point-to-point link existing between the host and the network interface; 
identifying a source address for the host; 
writing said login information into a memory; and 
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authorizing the host to access said first domain and said second domain based upon said 

login infomiation. 

10. (Currently Amended) A method for single-step subscriber logon to a differentiated data 
communication network including same-session access capabilities to a first domain and a 
second domain, said method comprising: 

communicating via between a network interface with and a host, wherein said 

communicating comprises a transport of multi-protocol data packets over a point-to- 
point communication link between the host and the network interface; 

identifying a source address for the host; and 

authorizing the host to access said first domain and said second domain based upon login 
information obtained firom the host. 

1 1 . (Previously Presented) The method of claim 1 0 further comprising: 
authenticating the host based upon login information obtained firom the host. 

12. (Previously Presented) The method of claim 1 1 wherein said authenticating is accomplished 
using Link Control Protocol (LCP). 

13. (Previously Presented) The method of claim 10 wherein said identifying is accomplished 
using Intemet Protocol Control Protocol (IPCP). 

14. (Previously Presented) The method of claim 10 wherein said identifying fiirther comprises: 

Page 4 of 18 



CISCO-5795 (032590-000179) 
assigning an Internet Protocol address to the host from a pool of addresses located in a 

memory. 

15. (Previously Presented) The method of claim 10 wherein said identifying further comprises: 
assigning an Internet Protocol address to the host from an authentication reply packet 

received from an authentication server. 

16. (Previously Presented) The method of claim 10 wherein said communicating is 
accomplished using Point-to-Point Protocol (PPP). 

17. (Previously Presented) The method of claim 10 wherein said authorizing further comprises: 
writing said login information into a memory. 

18. (Currently Amended) A method for single-step subscriber logon to a differentiated data 
communication network including same-session access capabilities to a first domain and a 
second domain, said method comprising: 

authenticating a host based upon login information obtained from the host; 

communicating^ via by the network interface^ wife between the network interface and the 
host, wherein said communicating comprises a transport of multi-protocol data packets 
over a point-to-point link existing between the host and the network interface; 

identifying a source address for the host; 

writing said login information into a memory; and 
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authorizing the host to access said first domain and said second domain based upon said 

login information. 

19. (Currently Amended) A method for single-step subscriber logon of a host to a differentiated 
data communication network having access to a first domain and a second domain 
comprising: 

receiving login information from said host; 
authenticating said host based upon said login information; 
storing said login information in a memory; 

notifying said host once a successful authentication process has been completed; 
initiating an address allocation negotiation session; 
assigning a source address to said host; 

commimicating^ via by a network interface^ wiSA between the network interface and said 
host, wherein said communicating comprises a transport of multi-protocol data packets 
over a point-to-point link existing between said host and said network interface; and 

writing a subscriber-related entry into the memory based upon said source address and said 
login information. 

20. (Previously Presented) The method of claim 19 wherein said authenticating further 
comprises: 

processing an authentication request packet based upon said login information; 
sending said authentication request packet to an authentication memory bank; and 
receiving a reply packet from said authentication memory bank. 
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21. (Previously Presented) The method of claim 20 wherein said sending further comprises: 
sending said authentication request packet via a Remote Access Dial-In User Service 
(RADIUS) protocol communication link. 



22. (Previously Presented) The method of claim 20 wherein said writing further comprises: 
writing said subscriber-related entry into the memory based upon configuration information 

in said reply packet from said authentication memory bank. 

23. (Previously Presented) The method of claim 19 wherein said login information comprises a 
user name and a user authenticator. 

24. (Previously Presented) The method of claim 19 wherein said receiving further comprises: 
receiving login information using a Link Central Protocol (LCP) communication link. 

25. (Previously Presented) The method of claim 19 wherein said initiating further comprises: 
utilizing an Intemet Protocol Control Protocol (IPCP) communication link. 

26. (Previously Presented) The method of claim 19 wherein said assigning further comprises: 
retrieving a subscriber Intemet Protocol address from a pool of addresses located in the 

memory. 

27. (Previously Presented) The method of claim 19 wherein said assigning further comprises: 
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retrieving a subscriber Internet Protocol address from an access accept reply packet received 

from an authentication server. 

28. (Previously Presented) The method of claim 19 wherein said communicating fiirther 
comprises: 

utilizing a Point-to-Point Protocol session between said host and said network interface. 

29. (Previously Presented) An apparatus for single step logon of a host to a differentiated data 
communication network having the capacity to create same-session opeii channels to a first 
domain and a second domain, the apparatus comprising: 

means for communicating via a network interface with a host, wherein said commimicating 
comprises a transport of multi-protocol data packets over a point-to-point 
communication link existing between the host and the network interface; 

means for identifying a source address for the host; and 

means for authorizing the host to access said first domain and said second domain based 
upon login information obtained from the host. 

30. (Previously Presented) The apparatus of claim 29 further comprising: 

means for authenticating the host based upon login information obtained from the host. 

3 1 . (Previously Presented) The apparatus of claim 29 wherein said means for communicating 
further comprises: 
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means for communicating between the host and the network interface using a Point-to-Point 

Protocol session. 

32. (Previously Presented) The apparatus of claim 29 wherein said means for authorizing 
further comprises: 

means for writing said login information into a memory. 

33. (Currently Amended) An apparatus for single-step subscriber logon of a host to a 
differentiated data communication network having access to a first domain and a second 
domain comprising: 

means for receiving login information from said host; 

means for authenticating said host based upon said login information; 

means for storing said login information in a memory; 

means for notifying said host once a successful authentication process has been completed; 
means for initiating an address allocation negotiation session; 
means for assigning a source address to said host; 

means for communicating^ via by a network interface^ with between the network interface 
and said host, wherein said communicating comprises a transport of multi-protocol data 
packets over a point-to-point link existing between said host and said network interface; 
and 

means for writing a subscriber-related entry into the memory based upon said source address 
and said login information. 
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34. (Currently Amended) A program storage device readable by a machine, tangibly 

embodying a program of instructions executable by the machine to perform a method for 
single-step subscriber logon to a differentiated data communications network including a 
first domain and a second domain, said method comprising: 

communicating^ via by a network interface^ wife between the network interface and a host, 
wherein said communicating comprises a transport of multi-protocol data packets over a 
point-to-point communication link between the host and the network interface; 

identifying a source address for the host; and 

authorizing the host to access said first domain and said second domain based upon login 
information obtained firom the host. 

35. (Previously Presented) The program storage device of claim 34 wherein said method further 
comprises: 

authenticating the host based upon login information obtained fi-om the host. 

36. (Previously Presented) The program storage device of claim 34 wherein said authorizing 
further comprises: 

writing said login information into a memory. 

37. (Ciurently Amended) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for 
single-step subscriber logon to a differentiated data conraiunication network including 
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secure simultaneous access capabilities to a first domain and a second domain, said miethod 

comprising: 

communicating^ via by a network interface^ ¥p4fe between the network interface and a host, 
wherein said communicating comprises a transport of multi-protocol data packets over a 
point-to-point communication link between the host and the network interface; 

identifying a source address for the host; and 

authorizing the host to access said first domain and said second domain based upon login 
information obtained firom the host. 

38. (Previously Presented) The program storage device of claim 37 wherein said method 
further comprises: 

authenticating the host based upon login information obtained fi^om the host. 

39. (Previously Presented) The program storage device of claim 37 wherein said method 
further comprises : 

writing said login information into a memory. 

40. (Previously Presented) A gateway for single-step subscriber logon of a host to a 
differentiated data communication network having access to a first domain and a second 
domain, the gateway comprising: 

a multi-protocol point-to-point link device for estabHshing a communication link for the 

transport of multi-protocol data packets between the host and the gateway; 
a source address device for obtaining a source address for the host; and 
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an authentication processor for authorizing the host to access the first domain and the second 

domain based upon login information obtained from the host. 

41 . (Previously Presented) The gateway as defined in claim 40, wherein the authentication 
processor authenticates the host based upon the login information. 

42. (Previously Presented) An apparatus for single-step subscriber logon of a host to a 
differentiated data communication network having access to a first domain and a second 
domain, the apparatus comprising: 

a multi-protocol point-tp-point link device in communication with the host for estabUshing a 
communication link; 

a source address device in communication with the host for negotiating a dynamic Intemet 

Protocol (IP) address; and 
an authentication processor for authorizing the host to access the first domain and the second 

domain based upon login information obtained from the host. 

43. (Previously Presented) The apparatus as defined in claim 42, wherein the authentication 
processor receives the login information from the host and authenticates the host. 

44. (Previously Presented) The apparatus as defined in claim 42, fiirther comprising a notifier 
in communication with the authentication processor and the host for notifying the host of an 
authentication status. 
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45. (Previously Presented) The apparatus as defined in claim 42, further comprising a 

registration memory in communication with the authentication processor and the source 
address device for tabulating the login information and the dynamic IP address. 

46. (Previously Presented) The gateway as defined in claim 40, fiirther comprising a 
notification device in communication with the authentication processor and the host for 
sending the host an authentication status. 

47. (Previously Presented) The gateway as defined in claim 40, further comprising a 
registration memory in communication with the authentication processor and the source 
address device for tabulating the login information and the source address. 

48. (Currently Amended) An apparatus for single-step subscriber logon to a differentiated 
data communications network including a first domain and a second domain, the apparatus 
comprising: 

means for communicating^ via by a network interface^ with between the network interface 
and a host, wherein the communicating comprises a transport of multi-protocol data 
packets over a point-to-point communication link between the host and the network 
interface; 

means for identifying a source address for the host; and 

means for authorizing the host to access the first domain and the second domain based upon 
login information obtained from the host. 
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49. (Previously Presented) The apparatus as defined in claim 48, further comprising means for 
authenticating the host based upon login information obtained from the host. 

50. (Previously Presented) The apparatus as defined in claim 48, wherein the means for 
identifying fiirther comprises means for assigning an Internet Protocol address to the host 
from a pool of addresses located in a memory. 

5 1 . (Previously Presented) The apparatus as defined in claim 48, wherein the means for 
identifying further comprises means for assigning an Internet Protocol address to the host 
from an authentication reply packet received from an authentication server. 

52. (Currently Amended) A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by the machine to perform a method for 
single-step subscriber logon of a host to a differentiated data communication network having 
access to a first domain and a second domain, the method comprising: 

receiving login information from the host; 
authenticating the host based upon the login information; 
storing the login information in a memory; 

notifying the host once a successful authentication process has been completed; 
initiating an address allocation negotiation session; 
assigning a source address to the host; 
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communicating^ via by a network interface^ ^4th between the network interface and the host, 

wherein the communicating comprises a transport of multi-protocol data packets over a 

point-to-point link existing between the host and the network interface; and 

writing a subscriber-related entry into the memory based upon the source address and the 

login information. 

53. (Previously Presented) The program storage device as defined, in claim 52, wherein the 
authenticating further comprises: 

processing an authentication request packet based upon the login information; 
sending the authentication request packet to an authentication memory bank; and 
receiving a reply packet from the authentication memory bank. 

54. (Previously Presented) The program storage device as defined in claim 52, wherein the 

assigning further comprises: 

retrieving a subscriber Internet Protocol address from a pool of addresses located in the 
memory. 

55. (Previously Presented) The program storage device as defined in claim 52, wherein the 
assigning further comprises: 

retrieving a subscriber Intemet Protocol address from an access accept reply packet received 
from an authentication server. 
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